Cant get SMB Share ACL right

I’m trying to migrate my old TrueNAS settings to a new server. I simply want my SMB share to be O=nobody, G=nogroup, chmod 775.

I want anything that ANY user puts into the share (via SMB) to be forced to that O/G and chmod. No matter what I try with the filesystem ACL and Share ACL, I can’t get that to happen. Also, despite browsing goldeye docs, the full ACL details are nowhere to be found on the Edit ACL page (https://www.truenas.com/docs/scale/25.10/images/SCALE/Datasets/EditACLBuiltin_UserGroupForSMBShare.png is not accurate - I only see a small subset of this)

Don’t know why this should be this hard.

Neither the filesystem ACL nor the Share ACL have the ability to change what the owner and/or group of a file is going to be (*).

The only way I know of that could be used to implement a scenario you are describing is to use the force user /force group options in the samba settings. Maybe in combination with directory mask/create mask. However these options cannot be set with the web interface.

Maybe there was/is a guest access that maps everything to nobody? But I don’t know anything about that.

Regarding the screenshot you linked: The ACL editor depends on the ACL type that is configured in the dataset settings. The ACL editor for Posix ACL is different from the editor for NFSv4 ACL.

(*) EDIT: Setgid bit can change group

Where can I find the smb.conf file? I don’t see it in /etc anywhere? I’ll try and compare what I have configured on my “old server”.

Thanks.

It is /etc/smb4.conf in TrueNAS Scale.

OK, I had found that, but only the [global] section is in that file. Hmm. Will keep looking.

Appreciate your help.

Not sure what you can do about your main goal here, but as far as this goes:

Are you using NFSv4 permissions for the dataset? The Posix permissions editor is much simpler and that might be what you’re looking at?

My permissions screen looks the same as that screenshot.

Well, again, truenas hides that choice for the most part. I never got to choose what type of permissions I wanted to employ on the share. I created the share in the SMB shares page - I did choose “General", because the others didn’t really fit. I was never offered a choice between NFS or POSIX permissions, but since this is not an NFS share, I suppose it was defaulted.

However, that image is from the docs section about SMB Shares, so maybe there’s somewhere I could have changed it?

On my side, I created the datasets first, with the smb rights profile.

This way I set it to a specific user (admin I think), and then added the normal users or groups.

Maybe you should look at that ?

That may be the difference. I am using the root dataset and sharing a sub-directory via SMB. I can go back and remove that share and create the dataset…hopefully it’ll let me do that with the directory (and files) already in that location.

So did you create a new dataset in the Add SMB screen or the Datasets page? I just created a new share, added a dataset (/mnt/tank/new) while doing it, and this is my filesystem acl. I believe the acl type defaults to inherit here since the whole point is to simplify creating the dataset.

image1322×804 35 KB

If you created it from the datasets page with the Generic preset then you just need to go to Advanced Options and you can select the ACL type there.

Maybe if you post a screenshot of what you mean by a subset of options? Otherwise I’m not really following what the problem is.

I used “Add” from the Windows (SMB) Shares. It didn’t ask me to create or choose a specific dataset, though I used the folder browser to choose the directory I created under my pool’s root.

This is what I see:

image1847×1428 140 KB

Yeah that dataset is just using POSIX permissions. You can change to NFSv4 from the Datasets page, editing that dataset (which sounds like the root dataset of your pool? If so, I’d recommend creating a child dataset to share first), clicking Advanced Options, and changing the ACL Type to SMB/NFSv4–then you’ll see the same options as in the screenshot.